Secure Mobile Access 12.5 Administration Guide

System Message Log

The system message log is created in syslog format and includes logs for the Web proxy service, the network tunnel service, and the policy server, which is an internal service that manages the policies for the other services. Additionally, it provides detailed messages about all access control decisions. Each time a user request aligns with a policy rule, a log entry is recorded that explains the action taken.

System message logs are stored on disk in the file /var/log/aventail/access_servers.log and contain these parameters:

[DATESTAMP] [HOSTNAME] [PID] [SOURCE ID] [LEVEL] [TYPE MESSAGE]

These examples illustrate system message log file entries:

[29/Jul/2025:07:01:59.788422 -0700] wmperry-12-5-0-01740-default-standalone 003746 up 00000000 Internl System BPQueue<AVPSD> Thresholds:Low=200 High=400 Disable=100 Spread=200

[29/Jul/2025:14:02:38.051761 +0000] wmperry-12-5-0-01740-default-standalone 000000 kp 0000020a Internl Misc <KERNEL> created channel (pid=6268):0000000021ce9936

System message log fields
Field Description
Date and Time

The date and time when the message was generated by the service.

Example: [29/Jul/2025:07:01:59]

Host Name

The host name.

Example: wmperry-12-5-0-01740-default-standalone

Process ID (PID)

Every application that is running is assigned a process ID. This PID identifies the application that generated the log entry.

Example: 003746

Source

The appliance name of the user making the request.

Example: up 00000000

Level (Severity)

The message severity levels are:

  • Error: A problem caused the server to shut down or fail to communicate with another component. A name resolution problem at startup is logged at this level.

  • Warning: Something unexpected occurred that does not adversely affect the operation of the server. For example, a single failed attempt to access a RADIUS server is logged at the Info level, but if all attempts fail, an entry is added to the log file at the Warning level.

  • Info: A normal event that you might want to track; for example, a specific user has logged in, or has matched a given access control rule.

  • Verbose: Like an Info message, this level identifies normal operations, but includes the steps in a process. For example, when processing access control rules, a message for each non-match is at the Verbose level, while a matched rule is identified as Info.

  • Internal: SonicWall internal use only.

Message text

The text following all the identifying information is the message itself. See Access Policy Decisions for an explanation of the message text for access policy decisions.

Example: Error Misc Unable to retrieve authentication realms.

Application ID

Identifies the server process that generated the message. The possible IDs are:

  • ap (API server)

  • cp (SMA distributed cache client: policy server, client credential storage)

  • dc (SMA distributed cache server: policy server, client credential storage)

  • ev (network tunnel service—kernel component)

  • ew (Web proxy service)

  • fm (failover monitor)

  • kp (network tunnel kernel mode policy server interface)

  • ks (network tunnel kernel mode interface to SSL daemon)

  • kt (kernel tunnel component)

  • ls (log server)

  • ps (policy service; also see Access Policy Decisions)

  • pt (ping/traceroute tools)

  • uk (unknown)

  • up (network tunnel policy server daemon)

  • us (network tunnel user space SSL daemon)
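The following parser is an added example, not SonicWall code. It splits entries in the layout shown above into fields, maps the application ID to its service, and normalises timestamps to UTC so that entries written with different offsets (as in the two sample entries) sort into one timeline. The field layout in the regular expression is an assumption inferred from the two sample entries, the application ID descriptions are shortened, and the first and last lines of `SAMPLE` are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Application IDs from the guide's list (descriptions shortened).
APP_IDS = {"ap": "API server", "cp": "cache client", "dc": "cache server",
           "ev": "tunnel service (kernel)", "ew": "Web proxy service",
           "fm": "failover monitor", "kp": "tunnel kernel policy interface",
           "ks": "tunnel kernel SSL interface", "kt": "kernel tunnel component",
           "ls": "log server", "ps": "policy service", "pt": "ping/traceroute tools",
           "uk": "unknown", "up": "tunnel policy server daemon",
           "us": "tunnel user space SSL daemon"}

# Assumed layout, inferred from the two sample entries: bracketed timestamp, host,
# PID, two-letter application ID, eight hex digits, level, type, free-text message.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<host>\S+)\s+(?P<pid>\d+)\s+(?P<app>[a-z]{2})\s+"
    r"(?P<src>[0-9a-f]{8})\s+(?P<level>\S+)\s+(?P<type>\S+)\s+(?P<msg>.*)$")

def parse_line(line):
    """Parse one entry into a dict; return None when the layout does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Entries can carry different UTC offsets, so normalise before comparing.
    local = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S.%f %z")
    rec["utc"] = local.astimezone(timezone.utc)
    rec["pid"] = int(rec["pid"])
    rec["service"] = APP_IDS.get(rec["app"], "unlisted ID")
    return rec

def timeline(lines):
    """Return (records sorted by UTC time, lines that failed to parse)."""
    parsed, rejected = [], []
    for line in lines:
        rec = parse_line(line)
        (parsed if rec else rejected).append(rec or line)
    return sorted(parsed, key=lambda r: r["utc"]), rejected

SAMPLE = [
    # Constructed entry (host and IDs are made up; message text is the guide's example).
    "[29/Jul/2025:14:03:00.000000 +0000] sma-example 001234 ps 00000001 Error Misc Unable to retrieve authentication realms.",
    "[29/Jul/2025:14:02:38.051761 +0000] wmperry-12-5-0-01740-default-standalone 000000 kp 0000020a Internl Misc <KERNEL> created channel (pid=6268):0000000021ce9936",
    "[29/Jul/2025:07:01:59.788422 -0700] wmperry-12-5-0-01740-default-standalone 003746 up 00000000 Internl System BPQueue<AVPSD> Thresholds:Low=200 High=400 Disable=100 Spread=200",
    "truncated line without a timestamp",  # constructed malformed input
]

if __name__ == "__main__":
    records, rejected = timeline(SAMPLE)
    for r in records:
        print(r["utc"].isoformat(), r["level"], r["service"], r["msg"])
    print("unparsed:", rejected)
```

Lines that do not match are returned separately rather than dropped, so truncated or unexpected entries remain visible during log review.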